[MAVEN:GHSA-8XFC-GM6G-VGPV] Bouncy Castle certificate parsing issues cause high CPU usage during parameter evaluation.
Severity
Moderate
Affected Packages
13
Fixed Packages
12
CVEs
1
An issue was discovered in ECCurve.java and ECCurve.cs in Bouncy Castle Java (BC Java) before 1.78, BC Java LTS before 2.73.6, BC-FJA before 1.0.2.5, and BC C# .Net before 2.3.1. Importing an EC certificate with crafted F2m parameters can lead to excessive CPU consumption during the evaluation of the curve parameters.
| Package | Affected Version |
|---|---|
 pkg:maven/org.bouncycastle/bctls-jdk18on
|
< 1.78 |
|
pkg:maven/org.bouncycastle/bctls-jdk15to18
|
< 1.78 |
|
pkg:maven/org.bouncycastle/bctls-jdk14
|
< 1.78 |
|
pkg:maven/org.bouncycastle/bcprov-jdk18on
|
< 1.78 |
|
pkg:maven/org.bouncycastle/bcprov-jdk15to18
|
< 1.78 |
|
pkg:maven/org.bouncycastle/bcprov-jdk15on
|
< 1.78 |
|
pkg:maven/org.bouncycastle/bcprov-jdk14
|
< 1.78 |
|
pkg:maven/org.bouncycastle/bcpkix-jdk18on
|
< 1.78 |
|
pkg:maven/org.bouncycastle/bcpkix-jdk15to18
|
< 1.78 |
|
pkg:maven/org.bouncycastle/bcpkix-jdk14
|
< 1.78 |
|
pkg:maven/org.bouncycastle/bc-fips
|
< 1.0.2.5 |
|
pkg:maven/BouncyCastle.Cryptography
|
< 2.3.1 |
|
pkg:maven/BouncyCastle
|
< 2.3.1 |
| Package | Fixed Version |
|---|---|
|
pkg:maven/org.bouncycastle/bctls-jdk18on
|
= 1.78 |
|
pkg:maven/org.bouncycastle/bctls-jdk15to18
|
= 1.78 |
|
pkg:maven/org.bouncycastle/bctls-jdk14
|
= 1.78 |
|
pkg:maven/org.bouncycastle/bcprov-jdk18on
|
= 1.78 |
|
pkg:maven/org.bouncycastle/bcprov-jdk15to18
|
= 1.78 |
|
pkg:maven/org.bouncycastle/bcprov-jdk15on
|
= 1.78 |
|
pkg:maven/org.bouncycastle/bcprov-jdk14
|
= 1.78 |
|
pkg:maven/org.bouncycastle/bcpkix-jdk18on
|
= 1.78 |
|
pkg:maven/org.bouncycastle/bcpkix-jdk15to18
|
= 1.78 |
|
pkg:maven/org.bouncycastle/bcpkix-jdk14
|
= 1.78 |
|
pkg:maven/org.bouncycastle/bc-fips
|
= 1.0.2.5 |
|
pkg:maven/BouncyCastle.Cryptography
|
= 2.3.1 |
- ID
- MAVEN:GHSA-8XFC-GM6G-VGPV
- Severity
- moderate
- URL
- https://github.com/advisories/GHSA-8xfc-gm6g-vgpv
- Published
-
2024-05-14T15:32:54
(2 months ago) - Modified
-
2024-05-14T20:22:02
(2 months ago) - Rights
- Maven Security Team
| Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
|---|---|---|---|---|---|---|---|
| Affected | pkg:maven/org.bouncycastle/bctls-jdk18on | org.bouncycastle |
bctls-jdk18on
|
< 1.78 | |||
| Fixed | pkg:maven/org.bouncycastle/bctls-jdk18on | org.bouncycastle |
bctls-jdk18on
|
= 1.78 | |||
| Affected | pkg:maven/org.bouncycastle/bctls-jdk15to18 | org.bouncycastle |
bctls-jdk15to18
|
< 1.78 | |||
| Fixed | pkg:maven/org.bouncycastle/bctls-jdk15to18 | org.bouncycastle |
bctls-jdk15to18
|
= 1.78 | |||
| Affected | pkg:maven/org.bouncycastle/bctls-jdk14 | org.bouncycastle |
bctls-jdk14
|
< 1.78 | |||
| Fixed | pkg:maven/org.bouncycastle/bctls-jdk14 | org.bouncycastle |
bctls-jdk14
|
= 1.78 | |||
| Affected | pkg:maven/org.bouncycastle/bcprov-jdk18on | org.bouncycastle |
bcprov-jdk18on
|
< 1.78 | |||
| Fixed | pkg:maven/org.bouncycastle/bcprov-jdk18on | org.bouncycastle |
bcprov-jdk18on
|
= 1.78 | |||
| Affected | pkg:maven/org.bouncycastle/bcprov-jdk15to18 | org.bouncycastle |
bcprov-jdk15to18
|
< 1.78 | |||
| Fixed | pkg:maven/org.bouncycastle/bcprov-jdk15to18 | org.bouncycastle |
bcprov-jdk15to18
|
= 1.78 | |||
| Affected | pkg:maven/org.bouncycastle/bcprov-jdk15on | org.bouncycastle |
bcprov-jdk15on
|
< 1.78 | |||
| Fixed | pkg:maven/org.bouncycastle/bcprov-jdk15on | org.bouncycastle |
bcprov-jdk15on
|
= 1.78 | |||
| Affected | pkg:maven/org.bouncycastle/bcprov-jdk14 | org.bouncycastle |
bcprov-jdk14
|
< 1.78 | |||
| Fixed | pkg:maven/org.bouncycastle/bcprov-jdk14 | org.bouncycastle |
bcprov-jdk14
|
= 1.78 | |||
| Affected | pkg:maven/org.bouncycastle/bcpkix-jdk18on | org.bouncycastle |
bcpkix-jdk18on
|
< 1.78 | |||
| Fixed | pkg:maven/org.bouncycastle/bcpkix-jdk18on | org.bouncycastle |
bcpkix-jdk18on
|
= 1.78 | |||
| Affected | pkg:maven/org.bouncycastle/bcpkix-jdk15to18 | org.bouncycastle |
bcpkix-jdk15to18
|
< 1.78 | |||
| Fixed | pkg:maven/org.bouncycastle/bcpkix-jdk15to18 | org.bouncycastle |
bcpkix-jdk15to18
|
= 1.78 | |||
| Affected | pkg:maven/org.bouncycastle/bcpkix-jdk14 | org.bouncycastle |
bcpkix-jdk14
|
< 1.78 | |||
| Fixed | pkg:maven/org.bouncycastle/bcpkix-jdk14 | org.bouncycastle |
bcpkix-jdk14
|
= 1.78 | |||
| Affected | pkg:maven/org.bouncycastle/bc-fips | org.bouncycastle |
bc-fips
|
< 1.0.2.5 | |||
| Fixed | pkg:maven/org.bouncycastle/bc-fips | org.bouncycastle |
bc-fips
|
= 1.0.2.5 | |||
| Affected | pkg:maven/BouncyCastle.Cryptography |
BouncyCastle.Cryptography
|
< 2.3.1 | ||||
| Fixed | pkg:maven/BouncyCastle.Cryptography |
BouncyCastle.Cryptography
|
= 2.3.1 | ||||
| Affected | pkg:maven/BouncyCastle |
BouncyCastle
|
< 2.3.1 |
| # CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
|---|---|---|---|---|---|---|---|---|---|---|---|
| # CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |